If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

I would recommend using a payment gateway such as Paypal, 2Checkout, etc. When messing with Credit Cards and money handling it is always better to use an outside source (in this case, a payment gateway) for it as compared to using a database and a flemsy (spelling?) server-side script.

If they get the data, then they could decrypt it as by that point they would likely have your source code too. I say just make the system secure in the first place.
The only way that encryption like that would work is if you had a key to it that only he knew. If you had a password that generated a way to decrypt it, that would be helpful.
But, still, you need to store the data securely. A database is a good idea, I think, as long as it is secure.

Go through each character and base it on the password.
take the md5 of the password, add the ordinal value of the characters to the md5 hash, repeating this every 32 characters. Well, then again, that's just a credit card, so no need to repeat it.
To decrypt, just do the inverse.
Or something else. Just be creative, be sure it works every time, and make sure there's no way to fake it.
It still wouldn't be entirely secure, but it would be helpful.

For very sensitive details (credit card numbers, security codes), just don't store them at all. Require that the user re-enters them for each new transaction. Most companies do this nowadays; it also provides some protection for the user if the account is compromised.